require-sri-for has been removed from Spec [#3106728]

require-sri-for has been removed from Firefox (previously only available behind a flag), and was never implemented in Chrome, so has been removed from the spec.

https://github.com/w3c/webappsec-csp/pull/417
https://github.com/w3c/webappsec-subresource-integrity/pull/82
https://bugzilla.mozilla.org/show_bug.cgi?id=1386214
https://bugs.chromium.org/p/chromium/issues/detail?id=618924#c11

Comments

Comment #1

15 January 2020 at 22:49

gapple created an issue. See original summary.

Comment #2

gapple

he/they

English

commented 15 January 2020 at 22:50

Issue summary:

View changes

Comment #3

26 January 2020 at 23:39

gapple committed 5984774 on 8.x-1.x

Issue #3106728: require-sri-for has been removed from SRI spec

Comment #4

gapple

he/they

English

commented 26 January 2020 at 23:42

Status:

Active

» Fixed

The directive is still defined in \Drupal\csp\Csp, so that existing uses don't start throwing validation exceptions, but the fields on the administration form and the configuration schema have been removed.

Comment #5

9 February 2020 at 23:44

Status:

Fixed

» Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

require-sri-for has been removed from Spec

Comments

Comment #1

Comment #2

Comment #3

Comment #4

Comment #5

News items

Our community

Documentation

Drupal code base

Governance of community